Lessons From the Goldcorp Extortion

Unfortunately, another breach has made the headlines and it’s déjà vu all over again. The narrative surrounding the Goldcorp breach is similar to other doxing attacks:

• Attackers appear to have had undetected access to confidential information for months,
• Sensitive files and emails were stolen,
• And multiple GBs of data were exfiltrated without sounding an alarm.

The hackers in the Goldcorp incident claim they have emails showing corporate racism and sexism. But they were not entirely motivated by ideology. Instead, they also asked for money to not release the 1.8 GB of data they say is in their possession.

The hack also resulted in personal information about employees (ids, passwords, salaries) being disclosed.

The CEO of Goldcorp, a Vancouver-based mining company, points out that because they’re a public company, sensitive data is automatically in the public domain.

In any case, the breach underscores yet again the need to monitor access to confidential documents and mailboxes as if they were bank accounts.

And this incident is on top of the hacking of U.S. Steel for its IP involved in lightweight steel technology.

Our opinion on all this?

Perimeter defenses will not stop hackers from getting in. Period.

You’ll need to monitor file and other system activities. And the most effective way to interpret this activity is to compare it against a baseline, and use that to decide who’s a hacker (or insider), and who’s doing legitimate work.

In other words, you need User Behavior Analytics or UBA.

Got UBA? Learn more about how tracking behaviors can help mitigate your breach risks.